The Oakmont Group

Ep. 34 Weaponized Files and Federal Cybersecurity

November 15, 2022


In today’s interview, Darrin Curtis from Menlo Security gives an overview of how to protect against new kinds of cyber threats to the federal government. Rather than mounting a direct assault, a new breed of malicious actors takes files that are considered safe and incorporates malicious code into them. To describe this new category, he uses a curious acronym: HEAT, for Highly Evasive Adaptive Threats.

Malicious actors leave no stone unturned in finding creative ways to attack federal technology. We all know that the perimeter has been breached, and we must rely on Zero Trust Architecture. The next level of attack is to attack the word “trust” itself.

Traditionally, file formats like PDFs have been viewed as unbreakable. When most people get an email from a colleague with a PDF file, they would normally trust it. This is also true with Excel or Word documents that are transferred on a normal business day.

Today, these files can have malicious code injected into them. 

"But it's detonating in the cloud away from the person's machine or the agency network"

Darrin Curtis, Menlo Security

Another way to take advantage of that “trust” is by altering HTML code. Some malicious actors disguise malware in HTML code, a technique called “HTML Smuggling.” This time, instead of a PDF in an email, it may be an innocent link. This is made possible by HTML5’s download capability.

During the interview, Darrin reinforces the concept that compliance does not ensure an agency is secure. Some studies show ransomware is one of the biggest single threats to government networks; the delivery mechanism can include these HEAT files.

If this interview piques your interest in Menlo Security, then you can download the free report titled “Modernizing Secure Access Through Zero Trust.”

Also, to expand on the topic of trust, you may want to listen to episode #27, “Using Technology to Build Trust in the Federal Government.”


John Gilroy

Has been behind a microphone since 1991. He can help you structure, launch, and promote your company podcast. johngilroy@theoakmontgroupllc.com
